Viruses and worms are well-known threats to computer networks and the computers on those networks. Such malicious software impairs computer performance and is costly to monitor and remove. Many large institutions spend millions of dollars to protect their computer systems from viruses, worms, and other forms of software attacks.
Portable computing devices (e.g., personal digital assistants (PDAs), cell phones, and laptop computers) are becoming more common and are increasingly the targets of malicious software attacks. Portable devices are particularly susceptible when they are linked via a wireless network. Wireless networks can facilitate rapid propagation of malicious software because portable devices can form temporary wireless links with many other devices. New links can be easily and rapidly established with infected devices that can, in turn, infect other devices. With cell phones and other portable devices having increased messaging functionality and connectivity to wireless networks, the potential for viruses and worms to infect such portable devices and cause damage is increasing rapidly.
In fact, malicious viruses and worms specifically designed for infecting portable devices have already been created. In June 2004, the first widespread worm attack against wireless networks appeared. The Cabir worm, once activated in a mobile device, instructs the device to constantly search for any nearby Bluetooth-enabled devices. When a Bluetooth device is found, the Cabir worm sends a copy of itself to this device, and then continues to propagate to any other devices connected to the Bluetooth network. The Cabir worm is damaging in that it creates unnecessary network traffic and greatly increases the power drain on the infected devices as a result of constant searching for other Bluetooth devices.
Using conventional techniques, portable devices and wireless networks can be difficult to protect from malicious code. Conventional techniques for protecting a computer system from software attacks, such as antivirus programs and firewalls, typically employ a scanning function to detect known malicious code. All downloaded or executed code or network message packets are scanned for instructions or other “signatures” known to be present in worms or viruses. This technique is problematic when employed in portable devices because it can greatly increase power consumption and thereby reduce battery life. Also, scanning for malicious code can significantly reduce the performance of the microprocessors found in portable devices, since portable devices typically have relatively limited processing capability.
There is a need in the art for a system and method for detecting malicious software attacks. It would be particularly advantageous to detect software attacks in a manner that does not significantly increase battery drain or overload the microprocessor. A low-power, reliable, and simple detection method would be particularly applicable for use in wirelessly networked portable electronic devices.